This question came from our site for users of Linux, FreeBSD and other Un*x-like operating systems.

2

Security is a very broad term. What sorts of threats and attacks are you worried about? Please read the FAQ for great tips on adding helpful context, and update the question.
– nealmcb Mar 16 '11 at 16:43

@nealmcb, I would wager that this is a question from a university assignment.
– msanford Mar 24 '11 at 20:31

5 Answers
5

Depends on the viewpoint: if you're seeing this from the DHCP server impersonating and poisoning attack vector, you are actually decreasing security and the time it takes for the exploit to succeed. You are also increasing the chances of races to succeed on some race condition scenarios. In conclusion, this question is better asked in some specific explicit scenario or attack vector that you're worried about and not as a general rule.

In very general terms, no. Presumably the inference of potentially increased security you're making is that by switching IP frequently, there will be an increased barrier to sustaining prolonged attacks against a given host. In reality however, the real network identifier of base interest is the MAC address, which will stay constant under this model. Therefore re-identifying the host between DHCP intervals would be trivial.

The most you're likely to achieve is a slightly elevated level of annoyance (for the attacker) should an attacker be attempting to execute a task such as a slow port-scan as they may be required to break up the task into smaller sub-tasks which can complete within one IP refresh interval.

1) DHCP lease times mean nothing if the computer is connected (RFC2131 is what's pertinent here). As long as a client is connected to the network, it can (and will/should) keep requesting (and being granted) the same address before the lease time expires, and the server will keep granting it. Essentially, the lease time just determines how long one IP is reserved for one MAC address. When the lease time expires, if the client hasn't renewed it, it's free to be given to another client. The only purpose of changing the lease time is either a) lowering it, if you're running out of addresses and need to reclaim unused IPs quicker, or b) letting one host keep the same address for an extended amount of time (say, if you power machines off at night and want them to have the same address when they start up in the morning).

2) Take this from the experience of someone who administers DHCP at a university, handing out well over 64,000 addresses - the only thing a shorter lease time will do for security is drastically increase your log volume, and make it more likely that data matching MAC addresses to IPs will get lost or not make it everywhere it needs to.
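The renewal behaviour and log-volume effect described in the answer above can be shown with a small model. This is an added example, not part of the original answer: the `LeaseServer` class, the `simulate_connected_client` function, the MAC address and the 192.0.2.0/24 pool are all constructed for illustration, and the client is assumed to renew at the RFC 2131 default T1 of half the lease time.

```python
# Added illustration (not from the original answers): a minimal model of
# RFC 2131 lease renewal. Class and function names are hypothetical.
from dataclasses import dataclass, field

T1_FRACTION = 0.5  # RFC 2131 default: client starts renewing at 50% of the lease


@dataclass
class LeaseServer:
    pool: list                                   # free addresses, handed out in order
    lease_secs: int
    leases: dict = field(default_factory=dict)   # mac -> (ip, expiry)
    log: list = field(default_factory=list)      # one entry per DHCPACK

    def request(self, mac, now):
        """Handle DHCPREQUEST: renew an unexpired binding, else allocate."""
        self._reclaim(now)
        if mac in self.leases:
            ip = self.leases[mac][0]             # renewal keeps the same address
        else:
            ip = self.pool.pop(0)                # new binding from the free pool
        self.leases[mac] = (ip, now + self.lease_secs)
        self.log.append((now, mac, ip))
        return ip

    def _reclaim(self, now):
        """Return addresses whose lease expired without renewal to the pool."""
        for mac, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.pool.append(ip)


def simulate_connected_client(lease_secs, duration_secs, mac="02:00:00:00:00:01"):
    """Client stays online and renews at T1; returns (distinct IPs, log lines)."""
    server = LeaseServer(pool=[f"192.0.2.{n}" for n in range(10, 20)],
                         lease_secs=lease_secs)
    seen, now = set(), 0
    while now < duration_secs:
        seen.add(server.request(mac, now))
        now += int(lease_secs * T1_FRACTION)
    return seen, len(server.log)


if __name__ == "__main__":
    for lease in (300, 3600, 86400):             # 5 min, 1 h, 24 h (constructed)
        ips, lines = simulate_connected_client(lease, 86400)
        print(f"lease={lease:>6}s  addresses seen={sorted(ips)}  ACKs logged={lines}")
```

Over one simulated day the connected client holds a single address at every lease length, while the number of logged acknowledgements grows as the lease shrinks.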

It's too subjective. In terms of making sure that there isn't the same IP on the same computer for too long, then yes, in a sense you could call that an 'increase' in security. On the other hand, if something was opened on the machine and has a backdoor, it doesn't matter what the IP or lease looks like because the attacker could just open a shell and do a reverse TCP back to their machine, which would completely eliminate any security increase for that type of situation.

Other than that, I can't see why you'd need to renew the DHCP lease every xx minutes. If it's attached to DNS somehow, it would be a pain in the butt to update that each time the lease is renewed.

The short answer is: No. Short DHCP lease times don't add security. They do little or nothing to prevent the most likely forms of attack. Don't bother messing around with that; it's not a good use of your time. Life is too short. It's a better use of your limited time to focus on standard security measures.